A comprehensive, enterprise-grade authentication system built with Jakarta EE technologies. This application demonstrates secure user management, password recovery via email, and robust session handling.
- ✅ User registration with validation
- ✅ Secure login with BCrypt password hashing
- ✅ Session-based authentication
- ✅ Remember me functionality
- ✅ Logout with session cleanup
- 🔐 Secure password hashing with BCrypt
- 📧 Email-based password reset with 6-digit verification codes
- 🔒 Password change functionality
- 📋 Password requirements enforcement
- 👤 User profile management
- ✏️ Profile editing capabilities
- 📊 Protected dashboard with authentication filter
- 🎨 Responsive, modern UI design
- 🛡️ CSRF protection considerations
- 🚫 Input validation and sanitization
- 🔒 Session timeout management (15 minutes for password reset)
- 📋 Security constraints configuration
- 🔐 Secure cookie configuration (HTTP-only)
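As an added illustration of the first two points, not the project's own `PasswordUtil` (whose source is not shown on this page), the class below hashes and verifies passwords with BCrypt and enforces a simple requirements check. It assumes the jBCrypt library (`org.mindrot.jbcrypt.BCrypt`) and a 12-character minimum; both are assumptions made for the example, not settings taken from this project.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import org.mindrot.jbcrypt.BCrypt; // assumed dependency: jBCrypt

// Added example, not the project's PasswordUtil.
public final class PasswordExample {

    // Work factor 2^12. Raise it as hardware gets faster; each +1 doubles the cost of a guess.
    private static final int BCRYPT_LOG_ROUNDS = 12;
    private static final int MIN_LENGTH = 12;            // assumed policy value
    private static final int MAX_BYTES = 72;             // bcrypt uses only the first 72 bytes of input

    private PasswordExample() {}

    /** Returns the unmet requirements for a candidate password; an empty list means it is acceptable. */
    public static List<String> policyViolations(String password) {
        List<String> problems = new ArrayList<>();
        if (password == null || password.length() < MIN_LENGTH) {
            problems.add("at least " + MIN_LENGTH + " characters");
            return problems;
        }
        if (password.getBytes(StandardCharsets.UTF_8).length > MAX_BYTES) {
            problems.add("at most " + MAX_BYTES + " bytes (bcrypt silently truncates longer input)");
        }
        if (password.chars().noneMatch(Character::isUpperCase)) problems.add("an upper-case letter");
        if (password.chars().noneMatch(Character::isLowerCase)) problems.add("a lower-case letter");
        if (password.chars().noneMatch(Character::isDigit)) problems.add("a digit");
        return problems;
    }

    /** Hashes with a fresh random salt; salt and cost are embedded in the 60-character result. */
    public static String hash(String password) {
        return BCrypt.hashpw(password, BCrypt.gensalt(BCRYPT_LOG_ROUNDS));
    }

    /**
     * Verifies a login attempt. Callers should run this against a dummy hash for unknown
     * usernames too, so response time does not reveal which accounts exist.
     */
    public static boolean verify(String password, String storedHash) {
        if (password == null || storedHash == null || !storedHash.startsWith("$2")) return false;
        return BCrypt.checkpw(password, storedHash);
    }

    public static void main(String[] args) {
        String weak = "password";
        String strong = "Correct-Horse-Battery-9";
        System.out.println("weak violations:   " + policyViolations(weak));
        System.out.println("strong violations: " + policyViolations(strong));
        String stored = hash(strong); // fits the VARCHAR(255) password column in the schema below
        System.out.println("verify correct:    " + verify(strong, stored));
        System.out.println("verify wrong:      " + verify("Wrong-Password-1", stored));
    }
}
```

Run `policyViolations` before `hash` at registration and on password change; the stored value already carries its own salt, so nothing else needs to be persisted per user.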
- Jakarta EE 10 - Enterprise Java framework
- Servlet API 6.0 - Web component development
- JSP 3.1 - Dynamic web pages
- JSTL - JSP Standard Tag Library
- Hibernate 6.4 - ORM for database operations
- PostgreSQL - Primary database
- Redis - Session storage and caching
- JavaMail - Email functionality
- HTML5/CSS3 - Modern responsive design
- Vanilla JavaScript - Client-side interactions
- JSP Templates - Server-side rendering
- Apache Maven - Dependency management and build automation
- Docker & Docker Compose - Containerization
- Apache Tomcat 10.1 - Application server
- C3P0 - Database connection pooling
- Lombok - Code generation
- SLF4J - Logging framework
- JUnit - Testing framework
- Java 17 or higher
- Maven 3.6+
- Docker & Docker Compose
- PostgreSQL (or use the provided Docker setup)
- Redis (or use the provided Docker setup)
- Gmail account with App Password (for email functionality)
```bash
git clone <repository-url>
cd authapp2
```

Create a `.env` file with your Gmail credentials:

```bash
# Generate App Password at: https://myaccount.google.com/apppasswords
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-16-digit-app-password
FROM_EMAIL=your-email@gmail.com
```

```bash
docker-compose up -d
```

- Application: http://localhost:8080
- Login: http://localhost:8080/login
- Register: http://localhost:8080/register
- Forgot Password: http://localhost:8080/forgot-password
authapp2/
├── src/main/
│ ├── java/com/auth/
│ │ ├── dao/ # Data Access Objects
│ │ ├── model/ # Entity classes
│ │ ├── servlet/ # HTTP request handlers
│ │ ├── filter/ # Security filters
│ │ ├── service/ # Business logic
│ │ └── util/ # Utility classes (Password, Email)
│ ├── webapp/
│ │ ├── WEB-INF/
│ │ │ ├── views/ # JSP pages
│ │ │ └── web.xml # Deployment descriptor
│ │ └── css/ # Stylesheets
│ └── resources/
│ ├── META-INF/ # JPA configuration
│ └── email.properties # Email settings template
├── docker/
│ └── Dockerfile # Application container
├── docker-compose.yml # Multi-container setup
├── pom.xml # Maven configuration
├── .env.example # Environment variables template
└── README.md # This file
The application uses PostgreSQL with connection pooling. Database settings are configured in:
- `src/main/resources/META-INF/persistence.xml` - JPA configuration
- `docker-compose.yml` - Docker database setup
Email functionality uses Gmail SMTP. Configure in:
- `.env` file (recommended) or `src/main/java/com/auth/util/EmailUtil.java` (settings hard-coded there end up in version control, so prefer the `.env` file)
Security settings are in src/main/webapp/WEB-INF/web.xml:
- Session timeout: 30 minutes
- Password reset timeout: 15 minutes
- Transport guarantee: Configurable (HTTP/HTTPS)
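The 15-minute password reset window is the part of this configuration that is easiest to get wrong, so here is an added example (not the project's own service, and using an in-memory map as a stand-in for the Redis store the README lists) of issuing and checking a 6-digit code. The code hash, expiry and attempt counter are kept server-side; the `MAX_ATTEMPTS` value and the map-based store are assumptions for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not the project's own reset-code service.
public final class ResetCodeService {

    private static final Duration CODE_LIFETIME = Duration.ofMinutes(15); // matches the README's timeout
    private static final int MAX_ATTEMPTS = 5;                            // assumed; a 6-digit code has only 10^6 values

    private final SecureRandom random = new SecureRandom();
    // keyed by e-mail address; in production this would live in Redis with a 15-minute TTL
    private final Map<String, PendingReset> pending = new ConcurrentHashMap<>();

    private static final class PendingReset {
        final byte[] codeHash;
        final Instant expiresAt;
        int attempts;
        PendingReset(byte[] codeHash, Instant expiresAt) { this.codeHash = codeHash; this.expiresAt = expiresAt; }
    }

    /** Issues a fresh code for the address and returns it so it can be e-mailed. Only its hash is stored. */
    public synchronized String issue(String email, Instant now) {
        String code = String.format("%06d", random.nextInt(1_000_000));
        pending.put(email, new PendingReset(sha256(code), now.plus(CODE_LIFETIME))); // replaces any older code
        return code;
    }

    /** Accepts a submitted code once, within its lifetime and attempt budget; everything else is rejected. */
    public synchronized boolean verify(String email, String submittedCode, Instant now) {
        PendingReset entry = pending.get(email);
        if (entry == null || submittedCode == null) return false;
        if (now.isAfter(entry.expiresAt) || ++entry.attempts > MAX_ATTEMPTS) {
            pending.remove(email); // expired or too many guesses: the user must request a new code
            return false;
        }
        boolean ok = MessageDigest.isEqual(entry.codeHash, sha256(submittedCode)); // constant-time compare
        if (ok) pending.remove(email);                                             // single use
        return ok;
    }

    // Hashing keeps the plaintext code out of the store and logs; with 10^6 possible codes the real
    // protections are the expiry and the attempt limit, not the hash.
    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }

    public static void main(String[] args) {
        ResetCodeService service = new ResetCodeService();
        String user = "alice@example.com";               // constructed sample address
        Instant t0 = Instant.now();
        String code = service.issue(user, t0);           // would be e-mailed, never logged
        String wrong = code.equals("000000") ? "000001" : "000000";
        System.out.println("wrong code accepted:   " + service.verify(user, wrong, t0));
        System.out.println("right code accepted:   " + service.verify(user, code, t0.plus(Duration.ofMinutes(5))));
        System.out.println("reuse accepted:        " + service.verify(user, code, t0.plus(Duration.ofMinutes(6))));
        String late = service.issue(user, t0);
        System.out.println("expired code accepted: " + service.verify(user, late, t0.plus(Duration.ofMinutes(16))));
    }
}
```

Passing `now` explicitly keeps the expiry logic testable; the servlet would call `issue`/`verify` with `Instant.now()`.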
- Enable 2-Step Verification on your Gmail account
- Visit Google App Passwords
- Generate a new app password:
- Select app: "Mail"
- Select device: "Other" → "AuthApp"
- Use the 16-character password in your `.env` file
Update EmailUtil.java with your SMTP provider settings:
```java
SMTP_HOST = "smtp.your-provider.com"
SMTP_PORT = "587" // or appropriate port
```

The application is fully containerized with:
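Since the README recommends keeping SMTP credentials in `.env` rather than in `EmailUtil.java`, here is an added example (not the project's `EmailUtil`) of sending the reset code with the Jakarta Mail API while reading every setting from the environment. `SMTP_USERNAME`, `SMTP_PASSWORD` and `FROM_EMAIL` are the variable names from the `.env` template above; reading `SMTP_HOST` and `SMTP_PORT` from the environment as well is an assumption made here.

```java
import java.util.Properties;
import jakarta.mail.Authenticator;
import jakarta.mail.Message;
import jakarta.mail.MessagingException;
import jakarta.mail.PasswordAuthentication;
import jakarta.mail.Session;
import jakarta.mail.Transport;
import jakarta.mail.internet.InternetAddress;
import jakarta.mail.internet.MimeMessage;

// Added example, not the project's EmailUtil.
public final class EmailExample {

    private EmailExample() {}

    private static String env(String name, String defaultValue) {
        String value = System.getenv(name);
        return (value == null || value.isBlank()) ? defaultValue : value;
    }

    private static String required(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            // Fail at startup rather than silently sending nothing; never print the value itself.
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value;
    }

    /** SMTP settings that require authentication and refuse to fall back to a plaintext connection. */
    public static Properties smtpProperties(String host, String port) {
        Properties props = new Properties();
        props.put("mail.smtp.host", host);
        props.put("mail.smtp.port", port);
        props.put("mail.smtp.auth", "true");
        props.put("mail.smtp.starttls.enable", "true");
        props.put("mail.smtp.starttls.required", "true");     // abort if the server does not offer STARTTLS
        props.put("mail.smtp.ssl.checkserveridentity", "true"); // verify the certificate matches the host
        return props;
    }

    /** Sends the 6-digit reset code; the message deliberately contains no link and no account details. */
    public static void sendResetCode(String to, String code) throws MessagingException {
        String username = required("SMTP_USERNAME");
        String password = required("SMTP_PASSWORD");
        String from = env("FROM_EMAIL", username);
        String host = env("SMTP_HOST", "smtp.gmail.com"); // assumed variable name; Gmail is the README's default
        String port = env("SMTP_PORT", "587");

        Session session = Session.getInstance(smtpProperties(host, port), new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(username, password);
            }
        });

        MimeMessage message = new MimeMessage(session);
        message.setFrom(new InternetAddress(from));
        message.setRecipient(Message.RecipientType.TO, new InternetAddress(to));
        message.setSubject("Your password reset code");
        message.setText("Your verification code is " + code + ". It expires in 15 minutes. "
                + "If you did not request a password reset, you can ignore this message.");
        Transport.send(message);
    }
}
```

`starttls.required` is the setting to check when switching providers: with only `starttls.enable`, a server that does not advertise STARTTLS gets the credentials in plaintext.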
- tomcat: Application server (port 8080)
- postgres: PostgreSQL database (port 5432)
- redis: Redis cache (port 6379)
```bash
# Start all services
docker-compose up -d

# View logs
docker-compose logs -f tomcat

# Stop services
docker-compose down

# Rebuild after changes
mvn clean package && docker-compose up -d --build
```

- Registration: Create a new user account
- Login: Test authentication functionality
- Password Reset: Test email verification flow
- Profile Management: Edit user profile
- Session Management: Test session timeout
```bash
# Run all tests
mvn test

# Run specific test class
mvn test -Dtest=UserServiceTest
```

- ✅ Password hashing with BCrypt
- ✅ Session timeout management
- ✅ Input validation
- ✅ SQL injection protection via JPA/Hibernate
- ✅ XSS protection via JSP escaping
- ✅ Email verification for password reset
- 🔄 Enable HTTPS (change transport-guarantee to CONFIDENTIAL)
- 🔑 Use environment variables for sensitive data
- 🛡️ Implement rate limiting
- 📝 Add comprehensive logging and monitoring
- 🔐 Set up CSP headers
- 🌐 Configure reverse proxy (Nginx/Apache)
```sql
CREATE TABLE users (
    id SERIAL PRIMARY KEY,
    username VARCHAR(50) UNIQUE NOT NULL,
    email VARCHAR(100) UNIQUE NOT NULL,
    password VARCHAR(255) NOT NULL,
    full_name VARCHAR(50),
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
```

- `GET /` - Welcome page
- `GET /login` - Login form
- `POST /login` - Process login
- `GET /register` - Registration form
- `POST /register` - Process registration
- `GET /forgot-password` - Forgot password form
- `POST /forgot-password` - Send reset code
- `GET /reset-password` - Reset password form
- `POST /reset-password` - Process password reset
- `GET /dashboard` - User dashboard
- `GET /profile` - View profile
- `GET /edit-profile` - Edit profile form
- `POST /edit-profile` - Update profile
- `GET /change-password` - Change password form
- `POST /change-password` - Update password
- `POST /logout` - Logout
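The endpoints in the second list are the ones the authentication filter guards. As an added example (not the project's own filter or its `web.xml`), the class below shows the three pieces of session handling that belong together: the cookie and timeout settings, the filter that redirects unauthenticated requests to `/login`, and the login/logout helpers that rotate and invalidate the session. The project configures the cookie and the 30-minute timeout in `web.xml`; the listener here is the programmatic equivalent. The session attribute name and the `SameSite` choice are assumptions.

```java
import java.io.IOException;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.SessionCookieConfig;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.annotation.WebListener;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

// Added example, not the project's filter; nested so that it fits in one file.
public final class SessionSecurityExample {

    /** Session attribute that marks an authenticated session (assumed name). */
    public static final String USER_ATTR = "authenticatedUserId";

    private SessionSecurityExample() {}

    /** Programmatic equivalent of the web.xml session-config / cookie-config settings. */
    @WebListener
    public static class HardeningListener implements ServletContextListener {
        @Override
        public void contextInitialized(ServletContextEvent sce) {
            ServletContext ctx = sce.getServletContext();
            ctx.setSessionTimeout(30);                     // minutes, as in the README's web.xml
            SessionCookieConfig cookie = ctx.getSessionCookieConfig();
            cookie.setHttpOnly(true);                      // not readable from page JavaScript
            cookie.setSecure(true);                        // only sent over HTTPS (needs the CONFIDENTIAL transport guarantee)
            cookie.setAttribute("SameSite", "Lax");        // Servlet 6.0 API; keeps the cookie off cross-site POSTs
        }
    }

    /** Redirects anonymous requests for protected pages to the login form. */
    @WebFilter(urlPatterns = {"/dashboard", "/profile", "/edit-profile", "/change-password", "/logout"})
    public static class AuthenticationFilter implements Filter {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            response.setHeader("Cache-Control", "no-store"); // keep protected pages out of shared caches
            HttpSession session = request.getSession(false); // do not create a session just to inspect it
            if (session == null || session.getAttribute(USER_ATTR) == null) {
                response.sendRedirect(request.getContextPath() + "/login");
                return;
            }
            chain.doFilter(req, res);
        }
    }

    /** Call after the password check succeeds: a new session id prevents session fixation. */
    public static void establishSession(HttpServletRequest request, long userId) {
        HttpSession session = request.getSession(true);
        request.changeSessionId();
        session.setAttribute(USER_ATTR, userId);
    }

    /** Call from POST /logout: invalidating the session also drops every attribute stored in it. */
    public static void endSession(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

Calling `getSession(false)` in the filter matters: `getSession()` would mint a session cookie for every anonymous hit on a protected URL.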
- Check Gmail app password configuration
- Ensure 2-Step Verification is enabled
- Verify SMTP settings in `.env` file
- Verify PostgreSQL is running: `docker ps | grep postgres`
- Check database credentials in `docker-compose.yml`
- Review persistence.xml configuration
- Check Docker logs: `docker logs auth-tomcat`
- Verify WAR file exists in `target/` directory
- Check for port conflicts (8080)
- Clear browser cookies and session data
- Check Redis connection if using external session storage
- Review session timeout configuration
- Create/update servlets in `src/main/java/com/auth/servlet/`
- Add JSP views in `src/main/webapp/WEB-INF/views/`
- Update security filters if needed
- Add DAO methods for database operations
- Follow Java naming conventions
- Use Lombok for boilerplate code reduction
- Maintain separation of concerns (DAO → Service → Servlet)
- Add proper logging and error handling
- Fork the repository
- Create a feature branch: `git checkout -b feature/new-feature`
- Commit changes: `git commit -m 'Add new feature'`
- Push to branch: `git push origin feature/new-feature`
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- Jakarta EE community for the enterprise framework
- Spring Security inspiration for authentication patterns
- BCrypt library for secure password hashing
- Docker community for containerization tools
- Bootstrap and modern CSS frameworks for UI inspiration
Note: This is an educational project demonstrating enterprise Java patterns. For production deployment, ensure all security configurations are properly hardened.